asap-cli

    0.4.0 • Public • Published

    ASAP CLI

    A command line utility for generating ASAP (JWT tokens as per the Atlassian Service Authentication Protocol) token and making curl calls with the same.

    The utility generates an ASAP token from a pre-configured config file (or passed in options). This token can be printed out or used to make a curl call directly.

    For more information on ASAP and JWT see

    Installation

    npm install -g asap-cli
    

    Usage

     $ asap
    
      Usage: asap [options] <command>
    
    
      Commands:
    
        init                Pre-configure an ASAP config file which can be used to generate asap tokens
        token               Generate the ASAP Authorization header
        curl                Execute curl commands with auto injected ASAP Auth Header
        http                Execute HTTPie commands with auto injected ASAP Auth Header.
             Note: HTTPie needs to be installed (https://github.com/jkbrzt/httpie)
        show <key>          Output a specific configuration value used by this tool
        run                 Execute the specified command with auto injected ASAP environment variables.
        validate <resourceServerAudience> <publicKeyBaseUrl>
                            Validate the generated ASAP token against a public key server and an expected server audience. This comes handy to check if the asap client configs are setup properly
        export-as-data-uri  Export the private key as a data URI
        proxy [options]     Run an HTTP proxy that adds the ASAP Auth Header, will only bind to localhost.      Note: this will create a ~/.http-mitm-proxy directory containing the generated certificates.
    
      Options:
    
        -h, --help                              output usage information
        --config-file [configFile]              ASAP Config File, defaults to .asap-config
        --private-key [privateKey]              Private Key
        --private-key-file [privateKeyFile]     Private Key File
        --issuer [issuer]                       JWT issuer
        --sub [sub]                             JWT subject
        --audience [audience]                   JWT Audience, comma separated for more than one
        --kid [kid]                             JWT Key ID
        --expiry [expiry]                       Expiry in seconds
        --additional-claims [additionalClaims]  Additional Claims in key=value,anotherKey=anotherValue format Additional Claims in key=value,anotherKey=value format or as JSON
    

    Commands

    init

    Create a config file in the current directory, which can be reused by the other commands.

    Examples

    $ asap init
    Specify the JWT Issuer: token_issuer
    Specify the JWT Subject (leave blank to use issuer): subject
    Specify the JWT Key ID: key_id
    Specify the JWT Audience (comma separated for more than one): intended_audience1,intended_audience2
    Specify the Private Key File (If you want to specify the private key directly, leave this blank): pk.pem
    Specify the JWT token expiry in seconds (defaults to 60 sec): 120
    Specify the ASAP Config File (defaults to .asap-config):
    ASAP Auth config file initialised successfully... curl away!!! (Well.. "asap curl" really)
    

    token

    Generate the ASAP token from the pre-configured config file (defaults to .asap-config). The config file or the values read from the config file can be overriden by specifying the global options. The output can be directly copied to the "Authorization" header.

    Examples

    $ asap token
    Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImtleV9pZCJ9.eyJpc3MiOiJ0b2tlbl9pc3N1ZXIiLCJzdWIiOiJ0b2tlbl9pc3N1ZXIiLCJhdWQiOiJpbnRlbmRlZF9hdWRpZW5jZSIsImp0aSI6ImIxNDgwZDdkNWM5ZTVkMjMwOGUyNzM1MWM4OWI3YjBjNDMzZThkNmYiLCJpYXQiOjE0NjQ5MjQxODcsImV4cCI6MTQ2NDkyNDE4N30.nXdaYTmrHr99miufkHZxKA4kJC6hh2I0x7eO4ELQItJf_67RsnLA13ECT0iDo86tNqniPLwmnEMS9RCRzbumEdiR6vpGGaXM3LV0Y95BRK9YWiqQCWZs7SUstFnTTqI7UjyOtN22kwLbeHLmDRd_YMo2kLBY4Ago0BCNlsCoUKLRiEeMjuO0A_rtKnGuNo7fxGi0XqZVaPC2arHBks-6DmP3mz3FpvT-BO4fDFTA57Bb9HhnTBO6foEyr5q9VTU--Ov_kl8v_Fpi5XlGjWaiPzEfYbyXm1GPQCRu3107lqMShcSTtlkcr73WFNkaK2GPWmyGspuuRFP9tHcxg
    

    Override the expiry set in the config file

    $ asap --expiry 200 token
    Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImtleV9pZCJ9.eyJpc3MiOiJ0b2tlbl9pc3N1ZXIiLCJzdWIiOiJ0b2tlbl9pc3N1ZXIiLCJhdWQiOiJpbnRlbmRlZF9hdWRpZW5jZSIsImp0aSI6ImIxNDgwZDdkNWM5ZTVkMjMwOGUyNzM1MWM4OWI3YjBjNDMzZThkNmYiLCJpYXQiOjE0NjQ5MjQxODcsImV4cCI6MTQ2NDkyNDE4N30.nXdaYTmrHr99miufkHZxKA4kJC6hh2I0x7eO4ELQItJf_67RsnLA13ECT0iDo86tNqniPLwmnEMS9RCRzbumEdiR6vpGGaXM3LV0Y95BRK9YWiqQCWZs7SUstFnTTqI7UjyOtN22kwLbeHLmDRd_YMo2kLBY4Ago0BCNlsCoUKLRiEeMjuO0A_rtKnGuNo7fxGi0XqZVaPC2arHBks-6DmP3mz3FpvT-BO4fDFTA57Bb9HhnTBO6foEyr5q9VTU--Ov_kl8v_Fpi5XlGjWaiPzEfYbyXm1GPQCRu3107lqMShcSTtlkcr73WFNkaK2GPWmyGspuuRFP9tHcxg
    

    Additional JWT claims

    Extra JWT claims can be put under additionalClaims key of .asap-config. Alternatively, they can be passed in as CLI arguments

    asap --additional-claims key=value,anotherKey=anotherValue token
    

    or

    asap --additional-claims '{"key": "value", "anotherKey": true}' token
    

    or when lists are required the following patterns are supported

    asap --additional-claims "list=a,b"
    
    asap --additional-claims "list=[a,b]"
    
    asap --additional-claims "list=a,list=b"
    
    asap --additional-claims "list[]=a,list[]=b"
    
    asap --additional-claims "list[0]=a,list[1]=b"
    
    asap --additional-claims '{"list":["a","b"]}'
    

    Note that passing in additional claims in the command line will completely override any additionalClaims already present in the config file

    curl

    Make curl calls with the ASAP token (generated from the config file) set as the Authorization header. All the arguments meant for the curl command are passed through to curl. So this will support all the options that curl supports. The config file or the values read from the config file can be overriden by specifying the global options.

    Examples

    $ asap curl -X PUT -d "foo=bar" "https://authenticated-service.company.com/item" -v
    > PUT /item HTTP/1.1
    > User-Agent: curl/7.37.1
    > Host: authenticated-service.company.com
    > Accept: */*
    > Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImtleV9pZCJ9.eyJpc3MiOiJ0b2tlbl9pc3N1ZXIiLCJzdWIiOiJ0b2tlbl9pc3N1ZXIiLCJhdWQiOiJpbnRlbmRlZF9hdWRpZW5jZSIsImp0aSI6ImNlOThjN2IyYzUwMTJlYzNhMzBkNjhlNWM0ZTMxZGU0MTgzOGU2YzEiLCJpYXQiOjE0NjQ5MjQ3MTksImV4cCI6MTQ2NDkyNDcxOX0.a45Tz3hSwBpjK91AI46VpZ9DlQ7mA0IisqT7OymSSZiY5Qa1NtW3ZKmgAUFEj4C-MFaC0gB5j2g5-Lu_LjHtCO5KxOvF_eig8nIs3MH57k_jDFJCPioL9nxGbiHYfQd9_InrDVOqz8H_bZeSvnqq94c2MwDhvibYPPMRMEeY1aG3oFWA5m8andeeP1F1799TFzbQZXd0Iv6BOjM35ujAeAGHTqj8wZOEczSoOcXY0dPnrXcPTu9ZLkskhtDYiVHyZHTvA_0ugXX4Wq6D7KZpUbefylS6Be8BrbCscIFyuVDNEyQi5MBIDTGQ8P5Xgn_5A00nGbuiLP63iX-zCp00NQ
    >
    < HTTP/1.1 401 Unauthorized
    < Content-Type: application/json
    
    

    http

    Make HTTPie calls with the ASAP token (generated from the config file) set as the Authorization header. All the arguments meant for the HTTPie command are passed through. So this will support all the options that HTTPie supports. The config file or the values read from the config file can be overriden by specifying the global options.

    Prerequisite: HTTPie needs to be installed. See https://github.com/jkbrzt/httpie for installation and usage.

    Examples

    $ asap http PUT https://authenticated-service.company.com/item X-API-Token:123 foo=bar
    HTTP/1.1 200 OK
    Connection: keep-alive
    Content-Length: 26
    Content-Type: application/json; charset=utf-8
    
    {
        "data": "Some data"
    }
    
    

    show

    Display the current value of a particular config field (from .asap-config)

    Examples

    
    $ asap show issuer
    dev-machine
    
    $ asap show additionalClaims
    { "foo": "bar" }
    
    $ TRUSTED_ISSUERS=$(asap show issuer) ./run-local-server.sh
    
    

    proxy

    Runs an HTTP(S) proxy (defaults to port 8888) which will add the ASAP token as Authorization header to forwarded requests. Note that this terminates TLS since the requests have to be modified, storing the generated certificates in ~/.http-mitm-proxy.

    $ asap proxy --port 8889
    Listening on port 8889, will generate JWT tokens for user/1481174136
    

    Now localhost:8889 can be used as a proxy server which will add the Authorization headers to the forwarded requests.

    Example:

    $ curl --proxy 127.0.0.1:8888 --insecure https://www.google.com -v
    
    * Rebuilt URL to: https://www.google.com/
    * Hostname was NOT found in DNS cache
    *   Trying 127.0.0.1...
    * Connected to 127.0.0.1 (127.0.0.1) port 8888 (#0)
    * Establish HTTP proxy tunnel to www.google.com:443
    > CONNECT www.google.com:443 HTTP/1.1
    > Host: www.google.com:443
    > User-Agent: curl/7.37.1
    > Proxy-Connection: Keep-Alive
    >
    < HTTP/1.1 200 OK
    <
    * Proxy replied OK to CONNECT request
    * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    * Server certificate: www.google.com
    > GET / HTTP/1.1
    > User-Agent: curl/7.37.1
    > Host: www.google.com
    > Accept: */*
    >
    < HTTP/1.1 302 Found
    < cache-control: private
    < content-type: text/html; charset=UTF-8
    < location: https://www.google.com.au/?gfe_rd=cr&ei=Kih4WO3mMq3r8AeZoangAw
    
    * Closing connection 0
    
    

    run

    Executes the specified command (with arguments) with the ASAP_ environment variables set:

    • ASAP_KEY_ID
    • ASAP_ISSUER
    • ASAP_PRIVATE_KEY
    • ASAP_AUDIENCE
    • ASAP_PUBLIC_KEY_REPOSITORY_URL
    • ASAP_PUBLIC_KEY_FALLBACK_REPOSITORY_URL
    $ asap run env
    PATH=...
    ASAP_KEY_ID=...
    
    $ asap run python script.py --port 8080
    

    Configuration

    .asap-config

    The tool expects a .asap-config file to be present in the current directory.

    Note: If no config is present, the tool will look for one in your home dir (i.e., ~/.asap-config)

    Development guide

    Install dependencies

    npm install
    

    Useful commands

    # Run all checks
    npm run check
    
    # Run just the jasmine tests
    npm test
    
    # Run just the linter
    npm run lint
    

    Perform a release

    npm version 99.98.97
    npm publish
    git push
    git push --tags
    

    Keywords

    none

    Install

    npm i asap-cli

    DownloadsWeekly Downloads

    39

    Version

    0.4.0

    License

    MIT

    Unpacked Size

    66.5 kB

    Total Files

    18

    Last publish

    Collaborators

    • dlaha
    • jbunton-atlassian